-
公开(公告)号:US20060112420A1
公开(公告)日:2006-05-25
申请号:US10994620
申请日:2004-11-22
IPC分类号: H04L9/32
CPC分类号: G06F21/41
摘要: Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.
-
2.发明申请Enabling attestation during return from S4 state with standard TCG hardware 有权在使用标准TCG硬件从S4状态返回期间启用认证公开(公告)号:US20060085630A1
公开(公告)日:2006-04-20
申请号:US10967760
申请日:2004-10-16
申请人: David Challener , Daryl Cromer , Joseph Freeman , Steven Goodman , James Hoff , Howard Locker , Randall Springfield , James Ward
发明人: David Challener , Daryl Cromer , Joseph Freeman , Steven Goodman , James Hoff , Howard Locker , Randall Springfield , James Ward
IPC分类号: G06F9/24
CPC分类号: G06F21/575
摘要: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译: 一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。 当计算设备在成功启动后进入S4状态时,认证日志会追加到TPM刻度计数,并且日志被签名(具有安全签名)。 当设备从S4状态唤醒时,BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR,并将这些虚拟PCR引用到日志中。 如果值不匹配,则S4状态返回失败,设备重启。
-
公开(公告)号:US20060101286A1
公开(公告)日:2006-05-11
申请号:US10984400
申请日:2004-11-08
IPC分类号: G06F12/14
摘要: A method for theft deterrence of a computer system is disclosed. The computer system includes a trusted platform module (TPM) and storage medium. The method comprises providing a binding key in the TPM; and providing an encrypted symmetric key in the storage medium. The method further includes providing an unbind command to the TPM based upon an authorization to provide a decrypted symmetric key; and providing the decrypted symmetric key to the secure storage device to allow for use of the computer system. Accordingly, by utilizing a secure hard disk drive (HDD) that requires a decrypted key to function in conjunction with a TPM, a computer if stolen is virtually unusable by the thief. In so doing, the risk of theft of the computer is significantly reduced.
-
公开(公告)号:US20050132182A1
公开(公告)日:2005-06-16
申请号:US10735388
申请日:2003-12-12
申请人: David Challener , James Hoff , Randall Springfield , James Ward
发明人: David Challener , James Hoff , Randall Springfield , James Ward
CPC分类号: G06F21/57 , G06F2221/2117
摘要: A Trusted Computing Platform Alliance (TCPA) endorsement certificate is provided by comparing a trusted platform module (TPM) public key transmitted by an owner of the computing device to which the TPM belongs to a copy of the key as originally stored in a remote database prior to vending the device. If a match is found the certificate is created using the public key, and then sent to the owner of the computing device.
摘要翻译: 通过将由TPM所属的计算设备的所有者发送的可信平台模块(TPM)公钥与原始存储在远程数据库中的密钥的副本进行比较来提供可信计算平台联盟(TCPA)认可证书 自动售货机。 如果发现匹配,则使用公钥创建证书,然后发送给计算设备的所有者。
-
公开(公告)号:US20060107034A1
公开(公告)日:2006-05-18
申请号:US11321809
申请日:2005-12-29
IPC分类号: G06F9/445
CPC分类号: G06F21/57 , G06F9/4406 , G06F15/177
摘要: A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.
-
公开(公告)号:US20070192580A1
公开(公告)日:2007-08-16
申请号:US11352140
申请日:2006-02-10
IPC分类号: G06F9/00 , G06F12/14 , H04L9/00 , H04K1/00 , G06F15/177 , G06F12/00 , H04L9/32 , G06F13/00 , G06F11/30 , G06F17/30 , G06F7/04 , G06F7/58 , G06K19/00 , G11C7/00
CPC分类号: G06F21/575
摘要: A method, system and computer-usable medium are presented for remotely controlling a TPM by loading a trusted operating system into a computer; and in response to the trusted Operating System (OS) being loaded into the computer, authorizing a Trusted Platform Module (TPM) in the computer to execute a command that would otherwise require, for execution of the command, an indication of a physical presence of an operator of the computer.
摘要翻译: 提出了一种方法,系统和计算机可用介质,用于通过将可信操作系统加载到计算机中来远程控制TPM; 并且响应于被加载到计算机中的可信操作系统(OS),授权计算机中的可信平台模块(TPM)执行否则将要求执行该命令的命令,指示物理存在 电脑的操作员。
-
7.发明申请System and method for protecting against dictionary attacks on password-protected TPM keys 审中-公开防止对密码保护的TPM密钥的字典攻击的系统和方法公开(公告)号:US20070014416A1
公开(公告)日:2007-01-18
申请号:US11183116
申请日:2005-07-15
申请人: David Rivera , David Challener , James Hoff
发明人: David Rivera , David Challener , James Hoff
IPC分类号: H04L9/00
CPC分类号: H04L9/0863 , H04L9/002 , H04L9/0822 , H04L9/0897 , H04L2209/127
摘要: A computer system that may include a trusted platform module (TPM) along with a processor hashes a user-supplied password for a predetermined time period that is selected to render infeasible a dictionary attack on the password. The results of the hash are used to render an AES key, which is used to encrypt an RSA key. The encrypted RSA key along with the total number of hash cycles that were used is stored and the RSA key is provided to the TPM as a security key. In the event that the RSA key in the TPM must be recovered, the encrypted stored version is decrypted with an AES key that is generated based on the user inputting the same password and hashing the password for the stored number of cycles.
摘要翻译: 可以包括可信平台模块(TPM)以及处理器的计算机系统将用户提供的密码散列在预定时间段内,该预定时间段被选择为对密码进行字典攻击不可行。 哈希的结果用于渲染AES密钥,用于加密RSA密钥。 存储加密的RSA密钥以及所使用的散列周期的总数,并将RSA密钥作为安全密钥提供给TPM。 在必须恢复TPM中的RSA密钥的情况下,加密的存储版本将使用基于用户输入相同密码生成的AES密钥解密,并对存储的周期数进行散列密码。
-
公开(公告)号:US20060185017A1
公开(公告)日:2006-08-17
申请号:US11319329
申请日:2005-12-28
IPC分类号: G06F12/14
CPC分类号: G06F21/565 , G06F2221/2151
摘要: The present invention adds a procedure to the operating system file subsystem of a processing system that significantly reduces the amount of time necessary to verify the validity of executable files. Each executable is extended with a file signature containing a header containing validation data. This header may be added to an existing ELF header, added as a new section, or placed in a file's extended attribute store. The header contains results of all previous validation checks that have been performed. The file signature is inserted, with a date stamp, into the file attributes. On execution, the system checks the previously-created file signature against a current file signature, instead of creating the file signature for every file during the execution process. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the execution program create a new file signature at the time of execution.
摘要翻译: 本发明向处理系统的操作系统文件子系统添加了一个过程,其显着地减少了验证可执行文件的有效性所需的时间量。 每个可执行文件使用包含包含验证数据的标题的文件签名进行扩展。 该标题可以被添加到现有的ELF标题中,作为新的部分添加,或者被放置在文件的扩展属性存储中。 标题包含已执行的所有先前验证检查的结果。 将文件签名带有日期戳插入到文件属性中。 执行时,系统会根据当前文件签名检查先前创建的文件签名,而不是在执行过程中为每个文件创建文件签名。 检查以确保文件签名是安全的,并且是有效的和最新的,也被实现。 只有当文件签名无效且最新的执行程序在执行时才会创建新的文件签名。
-
公开(公告)号:US20070192581A1
公开(公告)日:2007-08-16
申请号:US11352499
申请日:2006-02-10
申请人: David Challener , Daryl Cromer , Mark Charles Davis , Jerry Dishman , Howard Locker , Randall Springfield
发明人: David Challener , Daryl Cromer , Mark Charles Davis , Jerry Dishman , Howard Locker , Randall Springfield
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/57 , G06F9/4408 , G06F21/562
摘要: A computer determines whether it has been booted from a hard disk drive or from an alternate source (e.g., a floppy drive or portable memory) that entails a higher risk of importing a virus into the computer, and if it is determined that a non-HDD source was booted from, corrective action such as a virus scan can be preemptively taken.
摘要翻译: 计算机确定是从硬盘驱动器还是从备份源(例如,软盘驱动器或便携式存储器)引导,这导致将病毒导入计算机的风险更高,并且如果确定非易失性存储器 HDD源被启动,可以抢先采取诸如病毒扫描的纠正措施。
-
公开(公告)号:US20070005951A1
公开(公告)日:2007-01-04
申请号:US11173738
申请日:2005-06-29
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/31 , G06F21/80 , G06F2221/2131
摘要: If a user forgets the power-on password of his computer, he can depress the “enter” key or “access” key once to cause the BIOS to locate the power-on password in memory and attempt to unlock the HDD using the power-on password to boot a secure O.S. The HDD password either can be the same as the power-on password or the HDD can recognize the power-on password for the limited purpose of allowing access to the secure O.S. In any case, the secure O.S. is booted for password reset.
摘要翻译: 如果用户忘记了计算机的开机密码,他可以按下“输入”键或“访问”键一次,使BIOS将内存中的开机密码定位,并尝试使用电源开关解锁硬盘, 启动安全操作系统的密码 HDD密码可以与开机密码相同,或者HDD可以识别开机密码,以便允许访问安全O.S.的有限目的。 无论如何,安全的 启动密码重置。
-
-
-
-
-
-
-
-
-
搜索结果
45 条记录 (耗时 0.024 秒)
